GDPR Compliance Statement and Privacy Policy

The EU General Data Protection Regulation (GDPR) is in force from 25 May 2018.
The GDPR provides a set of ‘digital rights’ and protections for EU citizens in terms of the data that individuals and organizations hold about them, and applies new responsibilities to those organizations on what data they can hold, how they can process and use that data, and how individuals can access or request changes to or deletion of the data held about them.

1. Awareness

This Compliance Statement applies to data held and processed by the Green Man Committee, an annually appointed group of people who wish to organise and run Pilton Green Man Day. Committee Members are aware of the impact of and responsibilities for the GDPR compliance, and have read this Compliance Statement.

It is available publicly on the websites http://www.piltonfestival.co.uk. Additionally, links to this Statement have been sent in an email to every individual whose data we hold.

2. Information we hold

Email addresses of people who have emailed us and to whom we have replied – automatically saved in mail server software.

Individuals who have served as, or are, are Committee members. This data comprises Email Address, First Name, Family Name, Address and Telephone Number(s).

Individuals who have expressed a wish to help with the organisation and running of Green Man Day but are not Committee members. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).

Individuals who have expressed a wish to help with the Green Man Day Pageant. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).

Individuals/ Businesses/Charities who provide services to Green Man Day or have applied for a stall at our event. This data comprises Email Address, First Name, Family Name, and possibly Telephone Number(s).

Both paper and electronic copies of information are stored securely by individual Committee members. Consent for our use of information can be withdrawn at any time.

How we use your data

To give notice of our AGM and meetings;

To give reminders and provide information about the next Green Man Day including opportunities for volunteering or having a stall;

To comply with our licensing and H&S requirements, where people have a relevant role.

Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.

We aim to act on these requests as rapidly as practically possible.

3. Privacy information

The privacy information required under the GDPR Regulations are as follows:Identity and contact details of the controller: Donna Sibley for the Green Man Day Committee, piltonfestival@googlemail.com

Purpose of the processing and the legal basis for the processing: Data is collected and retained for the purposes of informing individuals of events in which they have expressed an interest. This data is collected and processed under the legal basis of ‘Legitimate Interests’.

Categories of personal data: The categories of personal data collected and processed are as indicated in the section on ‘Information we hold’, above.

Any recipient or categories of recipients of the personal data: Data is used only by the Green Man Day Committee for the purposes outlined above.

Retention period or criteria used to determine the retention period: Data is retained for as long as it still has relevance; for example, individuals who wish to be informed about Green Man Day will have their data retained as long as the events continue, or until they request to be unsubscribed.

The existence of each of data subject’s rights: The data subjects rights are acknowledged and best efforts will be used to respond to any and all requests for access to or deletion of data records. The right to withdraw consent at any time, where relevant:Every mailing includes an ‘unsubscribe’ option that allows each recipient to request their details be removed.

The right to lodge a complaint with a supervisory authority: the Green Man Day Committee is based in the UK and the relevant supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/

The source the personal data originates from and whether it came from publicly accessible sources: The sources the personal data originates from are as indicated in the section on ‘Information we hold’, above.

Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data: There are statutory requirements to provide data in line with our licensing and H&S conditions.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences: No automated decision making is used.

4. Individuals’ rights

We acknowledge individuals’ rights as specified in the GDPR and will make best efforts to respond to any requests from individuals in association with these rights, as follows:

the right to be informed

the right of access

the right to rectification

the right to erasure

the right to restrict processing

the right to data portability

the right to object

the right not to be subject to automated decision-making including profiling

5. Subject access requests

We will make best efforts to respond to any requests from individuals in association with these rights as quickly as possible, and in all cases within the one month timescale required by GDPR.

6. Lawful basis for processing personal data

Data is collected and processed under the legal basis of ‘Legitimate Interests’, using the three-part test:

Identify a legitimate interest: By joining our mailing list, volunteering or applying for a stall individuals have expressed a legitimate interest in the Green Man Day Committee.

Show that the processing is necessary to achieve it: Communication via email is fundamental to the operation of the Green Man Day Committee.

Balance it against the individual’s interests, rights and freedoms: the individual has the absolute right to request deletion of their data at any time.

Data is used in ways which the individuals would reasonably expect and which has a minimal privacy impact. Only data necessary for the operations stated is collected and processed.

7. Consent

Consent is requested from each individual on contacting the Green Man Day Committee for use of their data in the ways outlined above.

8. Children

Children may take part in our Procession, Pageant or perform on our stages. We will only collect personal information about children to enable them to take part where their parents have given permission for us to do so. This information will be destroyed once their part has ended.

9. Data breaches

We acknowledge the requirement to notify the ICO in certain instances of data breaches. Reasonable steps are taken to prevent data breaches.